
/etc/shadow and mod_auth_pam with pam_pwdb



hello,

i have an apache server running as a non-root user with the following
pam config:

#%PAM-1.0 
auth       required     /lib/security/pam_pwdb.so shadow nullok
account    required     /lib/security/pam_pwdb.so
password   required     /lib/security/pam_cracklib.so retry=3
password   required     /lib/security/pam_pwdb.so shadow nullok use_authtok

the /etc/pwdb.conf file has:

user:
        unix+shadow
        nis+unix+shadow
group:
        unix+shadow
        nis+unix+shadow

the problem is that the pam_pwdb library is unable to authenticate
anyone other than the user running the server (httpd, in this case)
using the /sbin/pwdb_chkpwd helper application.  pam_pwdb works great
with most other servers as they are run as root.

i am trying to fix this situation by changing the interface between
pam_pwdb and pwdb_chkpwd so the helper application takes both a userid
and a password to verify it with /etc/shadow.  i also plan to restrict
the read/execute permissions on /sbin/pwdb_chkpwd to owner/group and
make httpd be a member of this group.

comments/suggestions?  (btw, using linux-pam-0.66 and pwdb-0.55)

thanks,
thi
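
The permission scheme proposed in the message (helper readable and executable by owner and group only, with the server account a member of that group) can be audited with a script like the following. This is an added example, not part of the original post; the function names and the three arguments (helper path, group name, user name) are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: audit a restricted password-check helper.
# Usage (arguments are supplied by the admin, nothing is hard-coded):
#   sh audit.sh /sbin/pwdb_chkpwd <group> <server-user>

# mode_ok PATH: succeed if group has r-x (or r-s) and "other" has no access.
mode_ok() {
    mode=$(ls -ld "$1" | cut -c1-10) || return 2
    case "$mode" in
        -???r-[xs]---) return 0 ;;   # e.g. -rwxr-x--- or -rwsr-x---
        *)             return 1 ;;   # world access, or group cannot execute
    esac
}

# group_of PATH: print the group owner as reported by ls.
group_of() {
    ls -ld "$1" | awk '{print $4}'
}

# user_in_group USER GROUP: succeed if USER is a member of GROUP.
user_in_group() {
    for g in $(id -Gn "$1" 2>/dev/null); do
        [ "$g" = "$2" ] && return 0
    done
    return 1
}

# audit_helper PATH GROUP USER: report every failed check,
# return 0 only if all three checks pass.
audit_helper() {
    rc=0
    mode_ok "$1" || { echo "FAIL: $1 is not limited to owner/group r-x"; rc=1; }
    [ "$(group_of "$1")" = "$2" ] || { echo "FAIL: $1 is not group $2"; rc=1; }
    user_in_group "$3" "$2" || { echo "FAIL: $3 is not in group $2"; rc=1; }
    return $rc
}

if [ "$#" -eq 3 ]; then
    audit_helper "$@"
fi
```

Any account that ends up in the group can run the helper against any userid, so the membership check is worth re-running whenever the group changes.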


